  • SQL Server加密存储过程的破解

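    建好存储过程后,需要通过专用管理员连接(DAC)来调用它:在“连接到数据库引擎”对话框的“服务器名称”框中,键入 ADMIN:,并在其后继续键入服务器实例的名称。例如,若要连接到名为 ACCTPAYABLE 的服务器实例,请键入 ADMIN:ACCTPAYABLE。然后再调用此存储过程来查看。之所以要用 DAC,是因为脚本读取的系统基表 sys.sysobjvalues 只有在该连接下才能访问,而 DAC 只有 sysadmin 角色成员才能建立。这也说明 WITH ENCRYPTION 只是对源码的混淆,并非真正的访问控制:不要把密码、密钥等机密写在存储过程正文里。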

    -- sp__procedure$decrypt: recovers the text of a procedure created WITH ENCRYPTION.
    --
    -- How it works (all visible below):
    --   1. reads the encrypted imageval of the target from sys.sysobjvalues;
    --   2. inside a transaction, ALTERs the target WITH ENCRYPTION to a known body
    --      made of dashes and reads the resulting imageval again;
    --   3. XORs real ciphertext ^ known plaintext ^ known ciphertext, character by
    --      character, to obtain the original text;
    --   4. splits the text into lines of at most 255 characters with logic taken
    --      from sp_helptext and returns them as a result set;
    --   5. rolls the transaction back so the ALTER from step 2 is undone.
    --
    -- Parameters:
    --   @procedure  name of the encrypted procedure (default NULL).
    --   @revfl      1 (default) only prints the caution text and returns 0;
    --               0 actually runs the steps above.
    -- Returns: one result set, column Text, ordered by LineId.
    --
    -- NOTE(review), points a maintainer or defender should know:
    --   * @procedure is concatenated unquoted into dynamic SQL that is then
    --     EXECUTEd; nothing here checks that it is non-NULL or that it resolves
    --     to an existing procedure. Treat it as trusted, administrator-only input.
    --   * No TRY/CATCH and no SET XACT_ABORT are present: a failure between
    --     BEGIN TRAN and ROLLBACK TRAN may leave the transaction open with the
    --     target replaced by the dash body until the session ends - confirm.
    --   * The caution text printed below asks for a non-production copy; the
    --     ALTER really is executed against the named procedure.
    --   * That a member of sysadmin can do this at all is why WITH ENCRYPTION
    --     should be regarded as obfuscation; auditing ALTER PROCEDURE on
    --     encrypted modules and ADMIN: connections helps spot such use.
    CREATE PROCEDURE dbo.sp__procedure$decrypt
    (@procedure sysname = NULL, @revfl int = 1)
    AS
    SET NOCOUNT ON

    -- Safety latch: with the default @revfl = 1 nothing is touched; the caller
    -- must pass @revfl = 0 explicitly after reading the warning.
    IF @revfl = 1
    BEGIN
    PRINT 'CAUTION: THIS PROCEDURE DELETES AND REBUILDS THE ORIGINAL STORED PROCEDURE.'
    PRINT ' MAKE A BACKUP OF YOUR DATABASE BEFORE RUNNING THIS PROCEDURE.'
    PRINT ' IDEALLY, THIS PROCEDURE SHOULD BE RUN ON A NON-PRODUCTION COPY OF THE PROCEDURE.'
    PRINT ' To run the procedure, change the @revfl parameter to 0'
    RETURN 0
    END

    -- @intProcSpace is the character index used by the XOR loops below.
    -- NOTE(review): @t and @intEncrypted are declared but not used in this procedure.
    DECLARE @intProcSpace bigint
       ,@t bigint
       ,@maxColID smallint
       ,@intEncrypted tinyint
       ,@procNameLength int

    -- NOTE(review): @maxColID is only read by the commented-out SELECT below,
    -- so this query has no effect on the output.
    select @maxColID = max(subobjid)
       --//,@intEncrypted = imageval
    FROM sys.sysobjvalues
    WHERE objid = object_id(@procedure)
    GROUP BY imageval

    --select @maxColID as 'Rows in sys.sysobjvalues'
    -- Used to size the dash padding of the fake procedure body.
    -- NOTE(review): DATALENGTH counts bytes, so for the nvarchar-based sysname
    -- this is twice the character count - confirm the arithmetic is intended.
    select @procNameLength = datalength(@procedure) + 29

    -- @real_xx: slices of the target's encrypted imageval.
    DECLARE @real_01 nvarchar(max)
    DECLARE @real_02 nvarchar(max)
    DECLARE @real_03 nvarchar(max)
    DECLARE @real_04 nvarchar(max)
    DECLARE @real_05 nvarchar(max)

    -- @fake_xx: known plaintext of the dash-filled replacement procedure.
    -- NOTE(review): only @fake_01 is ever assigned; @fake_02..@fake_05 stay NULL.
    DECLARE @fake_01 nvarchar(max)
       ,@fake_02 nvarchar(max)
       ,@fake_03 nvarchar(max)
       ,@fake_04 nvarchar(max)
       ,@fake_05 nvarchar(max)

    -- @fake_encrypt_xx: slices of the imageval produced by the replacement procedure.
    DECLARE @fake_encrypt_01 nvarchar(max)
    DECLARE @fake_encrypt_02 nvarchar(max)
    DECLARE @fake_encrypt_03 nvarchar(max)
    DECLARE @fake_encrypt_04 nvarchar(max)
    DECLARE @fake_encrypt_05 nvarchar(max)

    -- @real_decrypt_xx: recovered plaintext, one buffer per slice.
    -- NOTE(review): the ..a variants are set to '' below and never read again.
    DECLARE @real_decrypt_01 nvarchar(max)
       ,@real_decrypt_01a nvarchar(max)
       ,@real_decrypt_02 nvarchar(max)
       ,@real_decrypt_02a nvarchar(max)
       ,@real_decrypt_03 nvarchar(max)
       ,@real_decrypt_03a nvarchar(max)
       ,@real_decrypt_04 nvarchar(max)
       ,@real_decrypt_04a nvarchar(max)  
       ,@real_decrypt_05 nvarchar(max)
       ,@real_decrypt_05a nvarchar(max)  

    select @real_decrypt_01a = ''
       ,@real_decrypt_02a = ''
       ,@real_decrypt_03a = ''
       ,@real_decrypt_04a = ''
       ,@real_decrypt_05a = ''

    -- extract the encrypted imageval rows from sys.sysobjvalues
    -- NOTE(review): SUBSTRING's third argument is a length, not an end offset,
    -- so the slices after the first request 16000, 24000, ... bytes and overlap.
    SELECT @real_01=substring(imageval,1,8000)
       ,@real_02=substring(imageval,8001,16000)
       ,@real_03=substring(imageval,16001,24000)
       ,@real_04=substring(imageval,24001,32000)
       ,@real_05=substring(imageval,32001,40000)
    FROM sys.sysobjvalues
    WHERE objid = object_id(@procedure) and valclass = 1 and subobjid = 1

    -- create this table for later use
    -- (the IDENTITY column preserves slice order for the cursor further down)
    create table #output ( [ident] [int] IDENTITY (1, 1) NOT NULL ,
    [real_decrypt] NVARCHAR(MAX)
    )

    -- We'll begin the transaction and roll it back later
    -- NOTE(review): everything up to ROLLBACK TRAN runs with the target
    -- procedure replaced; there is no error handler to guarantee the rollback.
    BEGIN TRAN
    -- alter the original procedure, replacing with dashes
    -- NOTE(review): dynamic SQL built by concatenating @procedure without
    -- quoting or validation - the value must come from a trusted administrator.
    SET @fake_01='ALTER PROCEDURE '+ @procedure +' WITH ENCRYPTION AS
    '+REPLICATE('-', 40003 - @procNameLength)

    EXECUTE (@fake_01)

    -- extract the encrypted fake imageval rows from sys.sysobjvalues
    -- (same slicing as for @real_xx above, now reading the dash-filled body)
    SELECT   @fake_encrypt_01=substring(imageval,1,8000)
       ,@fake_encrypt_02=substring(imageval,8001,16000)
       ,@fake_encrypt_03=substring(imageval,16001,24000)
       ,@fake_encrypt_04=substring(imageval,24001,32000)
       ,@fake_encrypt_05=substring(imageval,32001,40000)
    FROM sys.sysobjvalues
    WHERE objid = object_id(@procedure) and valclass = 1 and subobjid = 1

    -- Known plaintext used in the XOR; this string is not executed, it only
    -- stands in for the text of the replacement procedure.
    SET @fake_01='CREATE PROCEDURE '+ @procedure +' WITH ENCRYPTION AS '
        + REPLICATE('-', 40003 - @procNameLength)
    --start counter
    SET @intProcSpace=1
    --fill temporary variable with a filler character
    -- (one N'A' per character of @real_01; STUFF below overwrites each position)
    SET @real_decrypt_01 = replicate(N'A', (datalength(@real_01) /2 ))

    --loop through each of the sets of variables, building the real variable
    --one character (two bytes) at a time.
    SET @intProcSpace=1

    -- Go through each @real_xx variable and decrypt it, as necessary
    WHILE @intProcSpace<=(datalength(@real_01)/2)
    BEGIN
    --xor real & fake & fake encrypted
    SET @real_decrypt_01 = stuff(@real_decrypt_01, @intProcSpace, 1,
    NCHAR(UNICODE(substring(@real_01, @intProcSpace, 1)) ^
    (UNICODE(substring(@fake_01, @intProcSpace, 1)) ^
    UNICODE(substring(@fake_encrypt_01, @intProcSpace, 1)))))
    SET @intProcSpace=@intProcSpace+1
    END

    -- Slice 02, same loop.
    -- NOTE(review): @real_decrypt_02 was never initialised and @fake_02 was
    -- never assigned, so STUFF works on NULL and the result stays NULL; the
    -- same applies to slices 03, 04 and 05 below.
    SET @intProcSpace=1

    -- Go through each @real_xx variable and decrypt it, as necessary
    WHILE @intProcSpace<=(datalength(@real_02)/2)
    BEGIN
    --xor real & fake & fake encrypted
    SET @real_decrypt_02 = stuff(@real_decrypt_02, @intProcSpace, 1,
    NCHAR(UNICODE(substring(@real_02, @intProcSpace, 1)) ^
    (UNICODE(substring(@fake_02, @intProcSpace, 1)) ^
    UNICODE(substring(@fake_encrypt_02, @intProcSpace, 1)))))
    SET @intProcSpace=@intProcSpace+1
    END

    -- Slice 03, same loop (see the note on slice 02).
    SET @intProcSpace=1

    -- Go through each @real_xx variable and decrypt it, as necessary
    WHILE @intProcSpace<=(datalength(@real_03)/2)
    BEGIN
    --xor real & fake & fake encrypted
    SET @real_decrypt_03 = stuff(@real_decrypt_03, @intProcSpace, 1,
    NCHAR(UNICODE(substring(@real_03, @intProcSpace, 1)) ^
    (UNICODE(substring(@fake_03, @intProcSpace, 1)) ^
    UNICODE(substring(@fake_encrypt_03, @intProcSpace, 1)))))
    SET @intProcSpace=@intProcSpace+1
    END

    -- Slice 04, same loop (see the note on slice 02).
    SET @intProcSpace=1

    -- Go through each @real_xx variable and decrypt it, as necessary
    WHILE @intProcSpace<=(datalength(@real_04)/2)
    BEGIN
    --xor real & fake & fake encrypted
    SET @real_decrypt_04 = stuff(@real_decrypt_04, @intProcSpace, 1,
    NCHAR(UNICODE(substring(@real_04, @intProcSpace, 1)) ^
    (UNICODE(substring(@fake_04, @intProcSpace, 1)) ^
    UNICODE(substring(@fake_encrypt_04, @intProcSpace, 1)))))
    SET @intProcSpace=@intProcSpace+1
    END

    -- Slice 05, same loop (see the note on slice 02).
    SET @intProcSpace=1

    -- Go through each @real_xx variable and decrypt it, as necessary
    WHILE @intProcSpace<=(datalength(@real_05)/2)
    BEGIN
    --xor real & fake & fake encrypted
    SET @real_decrypt_05 = stuff(@real_decrypt_05, @intProcSpace, 1,
    NCHAR(UNICODE(substring(@real_05, @intProcSpace, 1)) ^
    (UNICODE(substring(@fake_05, @intProcSpace, 1)) ^
    UNICODE(substring(@fake_encrypt_05, @intProcSpace, 1)))))
    SET @intProcSpace=@intProcSpace+1
    END

    -- Load the variables into #output for handling by sp_helptext logic
    -- (one row per slice; the cursor below reads them back ORDER BY ident)

    INSERT INTO #output (real_decrypt)
    SELECT @real_decrypt_01
    UNION ALL
    SELECT @real_decrypt_02
    UNION ALL
    SELECT @real_decrypt_03
    UNION ALL
    SELECT @real_decrypt_04
    UNION ALL
    SELECT @real_decrypt_05
    -- select real_decrypt AS '#output chek' from #output -- Testing

    -- -------------------------------------
    -- Beginning of extract from sp_helptext
    -- -------------------------------------
    -- Splits each #output row on CR+LF and emits lines of at most
    -- @DefinedLength (255) characters into #CommentText.
    -- NOTE(review): @dbname is declared but not used in this procedure.
    declare @dbname sysname
    ,@BlankSpaceAdded int
    ,@BasePos int
    ,@CurrentPos int
    ,@TextLength int
    ,@LineId int
    ,@AddOnLen int
    ,@LFCR int --lengths of line feed carriage return
    ,@DefinedLength int
    ,@SyscomText nvarchar(4000)
    ,@Line nvarchar(255)


    Select @DefinedLength = 255
    SELECT @BlankSpaceAdded = 0 --Keeps track of blank spaces at end of lines. Note Len function ignores trailing blank spaces
    -- Created inside the open transaction and dropped again before the rollback.
    CREATE TABLE #CommentText
    (LineId int
    ,Text nvarchar(255) collate database_default)


    -- use #output instead of sys.sysobjvalues
    -- NOTE(review): each row is fetched into @SyscomText nvarchar(4000) while
    -- real_decrypt is NVARCHAR(MAX) - confirm how longer values are handled.
    DECLARE ms_crs_syscom CURSOR LOCAL
    FOR SELECT real_decrypt
    from #output
    ORDER BY ident
    FOR READ ONLY


    -- Else get the text.

    SELECT @LFCR = 2
    SELECT @LineId = 1


    OPEN ms_crs_syscom

    FETCH NEXT FROM ms_crs_syscom into @SyscomText

    -- Outer loop: one iteration per #output row.
    WHILE @@fetch_status >= 0
    BEGIN

    SELECT @BasePos = 1
    SELECT @CurrentPos = 1
    SELECT @TextLength = LEN(@SyscomText)

    -- Inner loop: one iteration per CR+LF found; ends when CHARINDEX returns 0.
    WHILE @CurrentPos != 0
    BEGIN
    --Looking for end of line followed by carriage return
    SELECT @CurrentPos = CHARINDEX(char(13)+char(10), @SyscomText,
    @BasePos)

    --If carriage return found
    IF @CurrentPos != 0
    BEGIN
    --If the new length of @Line would exceed the defined
    --length, insert the current contents of @Line
    --and proceed.

    While (isnull(LEN(@Line),0) + @BlankSpaceAdded +
    @CurrentPos-@BasePos + @LFCR) > @DefinedLength
    BEGIN
    SELECT @AddOnLen = @DefinedLength-(isnull(LEN(@Line),0) +
    @BlankSpaceAdded)
    INSERT #CommentText VALUES
    ( @LineId,
    isnull(@Line, N'') + isnull(SUBSTRING(@SyscomText,
    @BasePos, @AddOnLen), N''))
    SELECT @Line = NULL, @LineId = @LineId + 1,
    @BasePos = @BasePos + @AddOnLen, @BlankSpaceAdded = 0
    END
    -- Append the rest of the line including its CR+LF, emit it, start a new line.
    SELECT @Line = isnull(@Line, N'') +
    isnull(SUBSTRING(@SyscomText, @BasePos, @CurrentPos-@BasePos + @LFCR), N'')
    SELECT @BasePos = @CurrentPos+2
    INSERT #CommentText VALUES( @LineId, @Line )
    SELECT @LineId = @LineId + 1
    SELECT @Line = NULL
    END
    ELSE
    --else carriage return not found
    BEGIN
    IF @BasePos <= @TextLength
    BEGIN
    --If the new length of @Line would exceed the
    --defined length
    --
    While (isnull(LEN(@Line),0) + @BlankSpaceAdded +
    @TextLength-@BasePos+1 ) > @DefinedLength
    BEGIN
    SELECT @AddOnLen = @DefinedLength -
    (isnull(LEN(@Line),0) + @BlankSpaceAdded)
    INSERT #CommentText VALUES
    ( @LineId,
    isnull(@Line, N'') + isnull(SUBSTRING(@SyscomText,
    @BasePos, @AddOnLen), N''))
    SELECT @Line = NULL, @LineId = @LineId + 1,
    @BasePos = @BasePos + @AddOnLen, @BlankSpaceAdded =
    0
    END
    -- Keep the unterminated tail in @Line so the next row can continue it.
    SELECT @Line = isnull(@Line, N'') +
    isnull(SUBSTRING(@SyscomText, @BasePos, @TextLength-@BasePos+1 ), N'')
    if LEN(@Line) < @DefinedLength and charindex(' ',
    @SyscomText, @TextLength+1 ) > 0
    BEGIN
    SELECT @Line = @Line + ' ', @BlankSpaceAdded = 1
    END
    END
    END
    END

    FETCH NEXT FROM ms_crs_syscom into @SyscomText
    END

    -- Flush a final line that did not end in CR+LF.
    IF @Line is NOT NULL
    INSERT #CommentText VALUES( @LineId, @Line )

    -- The recovered text, returned to the caller as the only result set.
    select Text from #CommentText order by LineId

    CLOSE ms_crs_syscom
    DEALLOCATE ms_crs_syscom

    DROP TABLE #CommentText

    -- -------------------------------------
    -- End of extract from sp_helptext
    -- -------------------------------------

    -- The rollback undoes the ALTER that replaced the procedure body with dashes,
    -- so the original encrypted definition is kept ("Version 1.1 mod": rebuilding
    -- the proc from the recovered text is no longer necessary).
    ROLLBACK TRAN

    DROP TABLE #output

    GO

    -- Session options for the batches that follow the procedure definition.
    -- NOTE(review): they come after the CREATE PROCEDURE batch, so they do not
    -- change the QUOTED_IDENTIFIER / ANSI_NULLS settings stored with the
    -- procedure above; SQL Server records those when the module is created.
    SET QUOTED_IDENTIFIER OFF
    GO
    SET ANSI_NULLS ON
    GO

  • 原文地址:https://www.cnblogs.com/hz-blog/p/4897743.html